Hi,
If you’ve seen my earlier posts you will know I have been trying to get HestiaCP to set up Nginx to proxy to port 8085, which Apache listens on.
The templates I made generate these .conf files (I had to make a blank template as they seem to need pairs of .tmp and .stmp).
HERE IS THE NGINX .CONF
/home/dave/conf/web/gldn.page/nginx.conf
server {
    listen 78.110.163.102:80;
    server_name gldn.page *.gldn.page;
    return 301 https://$host$request_uri;
}
server {
    listen 78.110.163.102:443 ssl http2;
    server_name gldn.page *.gldn.page;
    ssl_certificate /etc/letsencrypt/live/gldn.page/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/gldn.page/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    error_log /var/log/apache2/domains/gldn.page.error.log error;
    include /home/dave/conf/web/gldn.page/nginx.hsts.conf*;
    location / {
        proxy_pass http://127.0.0.1:8085;
        location ~* ^.+\.(jpg|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
            root /home/dave/web/gldn.page/public_html;
            access_log /var/log/apache2/domains/gldn.page.log combined;
            access_log /var/log/apache2/domains/gldn.page.bytes bytes;
            expires max;
            try_files $uri @fallback;
        }
    }
    location /error/ {
        alias /home/dave/web/gldn.page/document_errors/;
    }
    location @fallback {
        proxy_pass https://78.110.163.102:8443;
    }
    location ~ /\.(?!well-known\/|file) {
        deny all;
        return 404;
    }
    proxy_hide_header Upgrade;
    include /home/dave/conf/web/gldn.page/nginx.ssl.conf_*;
}
HERE IS THE APACHE .CONF
/home/dave/conf/web/gldn.page/apache2.conf
<VirtualHost 127.0.0.1:8085>
    ServerName localhost
    DocumentRoot /home/dave/web/gldn.page/public_html
    ScriptAlias /cgi-bin/ /home/dave/web/gldn.page/cgi-bin/
    Alias /vstats/ /home/dave/web/gldn.page/stats/
    Alias /error/ /home/dave/web/gldn.page/document_errors/
    #SuexecUserGroup dave dave
    CustomLog /var/log/apache2/domains/gldn.page.bytes bytes
    CustomLog /var/log/apache2/domains/gldn.page.log combined
    ErrorLog /var/log/apache2/domains/gldn.page.error.log
    IncludeOptional /home/dave/conf/web/gldn.page/apache2.forcessl.conf*
    <Directory /home/dave/web/gldn.page/stats>
        AllowOverride All
    </Directory>
    <Directory /home/dave/web/gldn.page/public_html>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
    </Directory>
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php8.0-fpm-gldn.page.sock|fcgi://localhost"
    </FilesMatch>
    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
    IncludeOptional /home/dave/conf/web/gldn.page/apache2.conf_*
    IncludeOptional /etc/apache2/conf.d/*.inc
</VirtualHost>
Now I also opened the firewall, which uses iptables:
# iptables -L
root@expressresponse:/# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-HESTIA tcp -- anywhere anywhere tcp dpt:8083
fail2ban-MAIL tcp -- anywhere anywhere multiport dports smtp,submissions,submission,pop3,pop3s,imap2,imaps
fail2ban-FTP tcp -- anywhere anywhere tcp dpt:ftp
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
fail2ban-RECIDIVE tcp -- anywhere anywhere multiport dports tcpmux:65535
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 78-110-163-102.as42831.net anywhere
ACCEPT all -- server2.expressresponse.net anywhere
ACCEPT all -- server1.expressresponse.net anywhere
ACCEPT all -- localhost anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:8085
ACCEPT tcp -- anywhere anywhere tcp dpt:2525
ACCEPT tcp -- anywhere anywhere tcp dpt:2020
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere multiport dports http,https
ACCEPT tcp -- anywhere anywhere multiport dports ftp,12000:12100
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
So you can see it has opened the port. So port 8085 appears open?
And yet …
# telnet localhost 8085
Trying ::1...
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
AND …
# ss -tnlp | grep apache2
LISTEN 0 511 94.46.186.222:8443 0.0.0.0:* users:(("apache2",pid=74117,fd=8),("apache2",pid=74116,fd=8),("apache2",pid=74115,fd=8),("apache2",pid=3435,fd=8))
LISTEN 0 511 78.157.211.222:8443 0.0.0.0:* users:(("apache2",pid=74117,fd=6),("apache2",pid=74116,fd=6),("apache2",pid=74115,fd=6),("apache2",pid=3435,fd=6))
LISTEN 0 511 78.110.163.102:8443 0.0.0.0:* users:(("apache2",pid=74117,fd=4),("apache2",pid=74116,fd=4),("apache2",pid=74115,fd=4),("apache2",pid=3435,fd=4))
LISTEN 0 511 94.46.186.222:8080 0.0.0.0:* users:(("apache2",pid=74117,fd=9),("apache2",pid=74116,fd=9),("apache2",pid=74115,fd=9),("apache2",pid=3435,fd=9))
LISTEN 0 511 78.157.211.222:8080 0.0.0.0:* users:(("apache2",pid=74117,fd=7),("apache2",pid=74116,fd=7),("apache2",pid=74115,fd=7),("apache2",pid=3435,fd=7))
LISTEN 0 511 78.110.163.102:8080 0.0.0.0:* users:(("apache2",pid=74117,fd=5),("apache2",pid=74116,fd=5),("apache2",pid=74115,fd=5),("apache2",pid=3435,fd=5))
LISTEN 0 511 127.0.0.1:8081 0.0.0.0:* users:(("apache2",pid=74117,fd=3),("apache2",pid=74116,fd=3),("apache2",pid=74115,fd=3),("apache2",pid=3435,fd=3))
Well, I looked at ports.conf, which just had “# Powered by hestia”.
I have added a line:
# Powered by hestia
listen 8085
And now it all works:
root@expressresponse:/etc/apache2# ss -tnlp | grep apache2
LISTEN 0 511 94.46.186.222:8443 0.0.0.0:* users:(("apache2",pid=453977,fd=10),("apache2",pid=453976,fd=10),("apache2",pid=453975,fd=10),("apache2",pid=453974,fd=10))
LISTEN 0 511 78.157.211.222:8443 0.0.0.0:* users:(("apache2",pid=453977,fd=8),("apache2",pid=453976,fd=8),("apache2",pid=453975,fd=8),("apache2",pid=453974,fd=8))
LISTEN 0 511 78.110.163.102:8443 0.0.0.0:* users:(("apache2",pid=453977,fd=6),("apache2",pid=453976,fd=6),("apache2",pid=453975,fd=6),("apache2",pid=453974,fd=6))
LISTEN 0 511 94.46.186.222:8080 0.0.0.0:* users:(("apache2",pid=453977,fd=11),("apache2",pid=453976,fd=11),("apache2",pid=453975,fd=11),("apache2",pid=453974,fd=11))
LISTEN 0 511 78.157.211.222:8080 0.0.0.0:* users:(("apache2",pid=453977,fd=9),("apache2",pid=453976,fd=9),("apache2",pid=453975,fd=9),("apache2",pid=453974,fd=9))
LISTEN 0 511 78.110.163.102:8080 0.0.0.0:* users:(("apache2",pid=453977,fd=7),("apache2",pid=453976,fd=7),("apache2",pid=453975,fd=7),("apache2",pid=453974,fd=7))
LISTEN 0 511 127.0.0.1:8081 0.0.0.0:* users:(("apache2",pid=453977,fd=3),("apache2",pid=453976,fd=3),("apache2",pid=453975,fd=3),("apache2",pid=453974,fd=3))
LISTEN 0 511 *:8085 *:* users:(("apache2",pid=453977,fd=5),("apache2",pid=453976,fd=5),("apache2",pid=453975,fd=5),("apache2",pid=453974,fd=5))
Question: Will HestiaCP overwrite the /etc/apache2/ports.conf file?
If so, is there a better solution using HestiaCP rather than having to do this hack?
Thanks
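An added check, not part of the original post: the final `ss` listing shows Apache bound to `*:8085` (every interface) while the firewall accepts 8085 from anywhere, so the backend is reachable without going through nginx at all. This script parses pasted `ss -tnlp` and `iptables -L` output (sample lines trimmed from the post) and reports, for each proxy-only backend port, whether it is bound to loopback, bound wider but firewalled, or directly reachable; the function names `audit`, `parse_ss`, `is_loopback` and `firewall_accepted_ports` are chosen here.

```python
import ipaddress
import re
# Sample lines copied (trimmed) from the post above, not live output.
SS_OUTPUT = """\
LISTEN 0 511 78.110.163.102:8080 0.0.0.0:* users:(("apache2",pid=453977,fd=7))
LISTEN 0 511 127.0.0.1:8081 0.0.0.0:* users:(("apache2",pid=453977,fd=3))
LISTEN 0 511 *:8085 *:* users:(("apache2",pid=453977,fd=5))
"""
IPTABLES_OUTPUT = """\
Chain INPUT (policy DROP)
ACCEPT all -- localhost anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:8085
ACCEPT tcp -- anywhere anywhere multiport dports http,https
"""
# ss prints the local socket as ADDR:PORT; IPv6 addresses are bracketed.
LOCAL_RE = re.compile(r"^(?P<addr>\[[^\]]*\]|[^:\s]+):(?P<port>\d+)$")
STATUS = ("loopback-only", "non-loopback, blocked by firewall",
          "non-loopback, allowed by firewall")

def parse_ss(text):
    """Return [(addr, port), ...] for each LISTEN line of `ss -tnlp` output."""
    rows = (ln.split() for ln in text.splitlines())
    matches = (LOCAL_RE.match(p[3]) for p in rows if len(p) > 3 and p[0] == "LISTEN")
    return [(m.group("addr"), int(m.group("port"))) for m in matches if m]

def is_loopback(addr):
    """True only for 127.x.x.x / ::1; '*', 0.0.0.0 and [::] are wildcard binds."""
    try:
        return ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:  # '*' is not an address
        return False

def firewall_accepted_ports(text):
    """Port tokens (numbers or service names) ACCEPTed from 'anywhere' in `iptables -L`."""
    ports = set()
    for line in text.splitlines():
        parts, m = line.split(), re.search(r"(?:dpt:|dports? )(\S+)", line)
        if m and len(parts) > 3 and parts[0] == "ACCEPT" and parts[3] == "anywhere":
            ports.update(m.group(1).split(","))
    return ports

def audit(ss_text, ipt_text, backend_ports):
    """Worst-case exposure per backend port; a port may have several sockets."""
    accepted = firewall_accepted_ports(ipt_text)
    result = {}
    for addr, port in parse_ss(ss_text):
        if port in backend_ports:
            rank = 0 if is_loopback(addr) else 2 if str(port) in accepted else 1
            if rank >= STATUS.index(result.get(port, STATUS[0])):
                result[port] = STATUS[rank]
    return result
```

For the setup in the post, `Listen 127.0.0.1:8085` in ports.conf (matching the `<VirtualHost 127.0.0.1:8085>`) would move 8085 into the loopback-only bucket, and the iptables rule opening 8085 is then not needed because nginx reaches it over 127.0.0.1.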